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DETAILED ACTION 



Specification 



1 . The abstract of the disclosure is objected to because the abstract is too long 
(more than 150 words). Correction is required. See MPEP § 608.01(b). 

Applicant is reminded of the proper language and format for an abstract of the 
disclosure. 

The abstract should be in narrative form and generally limited to a single 
paragraph on a separate sheet within the range of 50 to 150 words. It is important that 
the abstract not exceed 150 words in length since the space provided for the abstract 
on the computer tape used by the printer is limited. The form and legal phraseology 
often used in patent claims, such as "means" and "said," should be avoided. The 
abstract should describe the disclosure sufficiently to assist readers in deciding whether 
there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information 
given in the title. It should avoid using phrases which can be implied, such as, 'The 
disclosure concerns," "The disclosure defined by this invention," 'The disclosure 
describes," etc. 



2. The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. See In re Goodman, 1 1 



Double Patenting 
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F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 
USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 
1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970);and, In re Thorington, 
418 F.2d 528, 163 USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1 .321(c) may be 
used to overcome an actual or provisional rejection based on a nonstatutory double 
patenting ground provided the conflicting application or patent is shown to be commonly 
owned with this application. See 37 CFR 1 .130(b). 

Effective January 1 , 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 

3. Claim 1 of the instant application (09/774,265) is provisionally rejected under the 
judicially created doctrine of obviousness-type double patenting as being unpatentable 
over claim 1 of copending Application No. 09/800,098 (U.S. Patent Application Pub. No. 
US 2002/0169876). Although the conflicting claims are not identical, they are not 
patentably distinct from each other because in view of the "obviousness-type" double 
patenting rationale enunciated in Georgia Pacific Corp v United States Gypsum Co., 
52 USPQ2d 1590, U.S. Court of Appeals Federal Circuit 1999, the instant 
application's claim 1 merely defines an obvious variation of the invention claimed in 
copending Application No. 09/800,098 (U.S. Patent Application Pub. No. US 
2002/0169876). 
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This is a provisional obviousness-type double patenting rejection because the 
conflicting claims have not in fact been patented. 

User's are a subset of organization (obvious variation). As in the Geogia Pacific 
case claim 1 of the instant application is merely a subset of claim 1 of copending 
Application No. 09/800,098098 (U.S. Patent Application Pub. No. US 2002/0169876). 
These differences are not sufficient to render the claim patentably distinct and therefore 
a terminal disclaimer is required. 

4. Claim 1 of the instant application (09/774,265) is provisionally rejected under the 
judicially created doctrine of obviousness-type double patenting as being unpatentable 
over claim 1 of copending Application No. 09/772,486 (U.S. Patent Application Pub. No. 
US 2002/0156904). Although the conflicting claims are not identical, they are not 
patentably distinct from each other because of reasons set below: 

Regarding claim 1, claim 1 of copending Application No. 09/772,486 (U.S. Patent 
Application Pub. No. US 2002/0156904) contains every element of claim 1 of the instant 
application (09/774,265) and as such anticipate claim 1 of the instant application. 



Regarding claim 12, claim 6 of copending Application No. 09/772,486 (U.S. 
Patent Application Pub. No. US 2002/0156904) contains every element of claim 6 of the 
instant application (09/774,265) and as such anticipate claim 1 of the instant application. 
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This is a provisional obviousness-type double patenting rejection because the 
conflicting claims have not in fact been patented. 

"A later patent claim is not patentably distinct from an earlier patent claim if the 
later claim is obvious over, or anticipated by, the earlier claim. In re Longi , 759 F.2d at 
896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting 
because the claims at issue were obvious over claims in four prior art patents); In re 
Berg . 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of 
obviousness-type double patenting where a patent application claim to a genus is 
anticipated by a patent claim to a species within that genus). " ELI LILLY AND 
COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the 
Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 
2001). 

Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1 ), (2), and (4) of section 371 (c) of this 
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act 
of 1999 (AIPA) and the Intellectual Property and High Technology Technical 
Amendments Act of 2002 do not apply when the reference is a U.S. patent resulting 
directly or indirectly from an international application filed before November 29, 2000. 
Therefore, the prior art date of the reference is determined under 35 U.S.C. 102(e) prior 
to the amendment by the AIPA (pre-AlPA 35 U.S.C. 102(e)). 
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6. Claims 1-4, 6-9, 11-15 and 17-20 are rejected under 35 U.S.C.102(e) as being 
anticipated by Win et al (Hereafter, Win), U.S. Pat. No. 6,182,142. 

Regarding claim 1 , Win teaches a method for provisioning users with resources 
(= distributed access management of information resources based on the user's role in 
the organization) [see Abstract], the method comprising the steps of: 

establishing a set of attributes, organizational information, and user roles (= 
establishing groups, roles, resources and associations wherein each roles record 
contains a name string, unique identifier, description string and additional fields or 
attributes) [see Col. 13, Lines 25-31 and Col. 13, Line 55 to Col. 14, Line 3] ; 

defining a plurality of resource provisioning policies based on selected attributes, 
organizational information, and user roles (= implementing access rules by defining 
roles that users play when working for an organization or doing business with an 
enterprise) [see Col. 5, Lines 29-53 and Col. 14, Line 5-67 and Col. 15, Line 46 to Col. 
16, Line 14]; 

receiving attribute information, organizational information, and user role 
information for a particular user, resource, or database (= receiving and storing 
information about users, resources and roles of the users) [see Col. 2, Lines 28-34 and 
Col. 5, Lines 19-21 and Col. 6, Lines 27-29]; 

determining which resource provisioning policies are applicable to the user based 
on the received user role information, organizational information, and attribute 
information (= determining what resources a user can access based on roles and 
functional groups within the organization) [see Col. 5, Lines 46-62]; and 
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provisioning the user with resources based on the applicable resource 
provisioning policies (= controlling access to information resource based on the user's 
role in the organization [see Abstract] wherein assigning or deleting a role to/from a user 
can add or delete access to all resources with that role and adding or removing a role 
to/from a resource can give or take away access to that resource from all users with that 
role [see Col. 5, Line 64 to Col. 6, Line 5]). 

Regarding claim 2, Win further teaches the user roles comprising a yes value 
and a no value (= YES and NO value) [see Table 1 on Col. 17, Lines 1-18], the 
attributes comprising multiple non-binary values (= attributes such as name string or 
unique identifier are not binary values) [see Col. 13, Lines 25-31]. 

Regarding claim 3, Win further teaches the step of reconciling resources by 
comparing resources currently provisioned to the user with a list of resources that 
should be provisioned to the user based on the applicable resource access policies, and 
identifying any differences (= listing all existing and planned resources for which 
protection and controlled access is desired and checking resource list with duplicates 
are eliminated and duplicate roles are combined) [see Col. 13, line 58 to Col. 14, Line 



22]. 



Regarding claim 4, Win further teaches the step provisioning or de-provisioning 
resources to the user based on the differences detected by reconciliation (= using 
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administration application (114) to list, create, delete and modify user, resource and role 
records and assign roles to users and resources and specify within which a role is 
effective) [see Col. 13, Lines 23-46]. 

Regarding claim 6, Win further teaches including the steps of receiving timing 
information related to the timing of the provisioning or resources, and provisioning the 
user with resources at a certain time specified by the timing information (= indicating 
when the password or account will expire and assigning roles to users and resources 
and specify dates within which a role is effective) [see Col. 13, Lines 23-37]. 

Regarding claim 7, Win further teaches the attributes comprising user attributes 
(= user personal information, user identifier and account information, etc.) [see Col. 13, 
Lines 25-31 and Col. 16, Lines 1-3] and resource attributes (= resource name, resource 
identifier, a description, a relative URL, a web server, etc.) [see Col. 14, Lines 64-67]. 

Regarding claim 8, Win further teaches the step of provisioning the user with 
"hard" resources (= web server) [see Col. 14, Lines 64-67] and "soft" resources (= email 
address, URL web page, etc.) [see Col. 14, Lines 64-67 and Col. 16, Lines 1-13]. 

Regarding claim 9, Win further teaches the step of provisioning the user with 
resource bundles (= enabling users to log in to the system and thereafter access one or 
more resources during an authenticated session) [see Col. 6, Lines 6-8]. 
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Regarding claim 1 1 , Win further teaches the step of provisioning the user with 
resources comprising communicating requests for the resources to applications or 
persons (= requesting to use the resources at the server) [see Col. 119, Lines 15-21]. 

Regarding claim 12, Win teaches a system for provisioning users with resources 
(= distributed access management of information resources based on the user's role in 
the organization) [see Abstract], the system comprising: 

memory for storing a set of attributes, organizational information, and user roles 
(= registry repository (110) that stores information about users, resources and roles of 
the users [see Col. 6, Lines 27-29] wherein groups, roles, resources and associations 
are established [see Col. 13, Lines 25-31 and Col. 13, Line 55 to Col. 14, Line 3]), a 
plurality of resource provisioning policies based on selected attributes, organizational 
information, and user roles, and attribute information and user role information for a 
particular user or resource (= implementing access rules by defining roles that users 
play when working for an organization or doing business with an enterprise) [see Col. 5, 
Lines 29-53 and Col. 14, Line 5-67 and Col. 15, Line 46 to Col. 16, Line 14]; and 

one or more processors coupled to the memory and an organizational network 
[see Fig. 2], the processors programmed for 

determining which resource provisioning policies are applicable to a particular 
user based on the stored user role information, organizational information, and attribute 
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information (= determining what resources a user can access based on roles and 
functional groups within the organization) [see Col. 5, Lines 46-62], and 

provisioning the user with resources based on the applicable resource 
provisioning policies (= controlling access to information resource based on the user's 
role in the organization [see Abstract] wherein assigning or deleting a role to/from a user 
can add or delete access to all resources with that role and adding or removing a role 
to/from a resource can give or take away access to that resource from all users with that 
role [see Col. 5, Line 64 to Col. 6, Line 5]). 

Regarding claim 13, Win further teaches the user roles having a yes value and a 
no value (= YES and NO value) [see Table 1 on Col. 17, Lines 1-18], the attributes 
comprising multiple non-binary values (= attributes such as name string or unique 
identifier are not binary values) [see Col. 13, Lines 25-31]. 

Regarding claim 14, Win further teaches a system as recited in claim 13, the one 
or more processors further programmed for reconciling resources by comparing 
resources currently provisioned to the user with a list of resources that should be 
provisioned to the user based on the applicable resource provisioning policies, and 
identifying any differences (= listing all existing and planned resources for which 
protection and controlled access is desired and checking resource list with duplicates 
are eliminated and duplicate roles are combined) [see Col. 13, line 58 to Col. 14, Line 



22]. 
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Regarding claim 15, Win further teaches a system as recited in claim 14, the one 
or more processors further programmed for provisioning or de-provisioning resources to 
the user based on the differences detected by reconciliation (= using administration 
application (114) to list, create, delete and modify user, resource and role records and 
assign roles to users and resources and specify within which a role is effective) [see 
Col. 13, Lines 23-46]. 

Regarding claim 17, Win further teaches the one or more processors further 
programmed for receiving timing information related to the timing of the provisioning or 
resources, and provisioning the user with resources at a certain time specified by the 
timing information (= indicating when the password or account will expire and assigning 
roles to users and resources and specify dates within which a role is effective) [see Col. 
13, Lines 23-37]. 

Regarding claim 18, Win further teaches the attributes comprising user attributes 
(= user personal information, user identifier and account information, etc.) [see Col. 13, 
Lines 25-31 and Col. 16, Lines 1-3] and resource attributes (= resource name, resource 
identifier, a description, a relative URL, a web server, etc.) [see Col. 14, Lines 64-67]. 
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Regarding claim 19, Win further teaches the user may be provisioned with "hard" 
resources (= web server) [see Col. 14, Lines 64-67] and "soft" resources (= email 
address, URL web page, etc.) [see Col. 14, Lines 64-67 and Col. 16, Lines 1-13]. 

Regarding claim 20, Win further teaches the user is provisioned with resource 
bundles (= enabling users to log in to the system and thereafter access one or more 
resources during an authenticated session) [see Col. 6, Lines 6-8]. 



7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. Claims 5, 10, 16 and 21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Win et al (Hereafter, Win), U.S. Pat. No. 6,182,142 in view of Cheng, 
U.S. Pat. No. 6,067,548. 

Regarding claim 5, Win does not explicitly teach the step of de-provisioning the 
user with some or all of the user's allocated resources if the user is terminated, 
suspended, or placed on leave. 

However, Cheng, in the same field of dynamic organizational model and role- 
based management system, discloses when a user defined member class (92) is 
moved to another organization, some of the user-defined attributes (94) from the 
original organization may be mapped to the new one and all other irrelevant information 
is dropped [see Cheng, Fig. 5 and Col. 8, Line 29 to Col. 9, Line 4]. It would have been 



Claim Rejections - 35 (JSC § 103 
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obvious to one of ordinary skill in the art at the time of the invention was made to 
incorporate the teaching of de-provisioning the user with some or all of the user's 
allocated resources if the user's status in the organization is changed as disclosed by 
Cheng, into the distributed access management of information resources based on the 
user's role in the organization disclosed by Win, in order to enhance the organizational 
management methodology because it provides a dynamic or proactive way of querying 
the life-cycle of the member of the organization to immediately determine availability of 
the resource [see Cheng, col. 3, Lines 31-39]. 

Regarding claim 10, Win does not explicitly teach the step of defining a plurality 
of resource provisioning policies utilizing decision statements that allow irrelevant steps 
to be bypassed. 

However, Cheng, in the same field of dynamic organizational model and role- 
based management system, discloses defining a plurality of resource provisioning 
policies utilizing decision statements (Boolean statements) [see Cheng, Col. 13, Line 34 
to Col. 14, Line 63] that would allow irrelevant steps to be skipped if the question is 
answered. It would have been obvious to one of ordinary skill in the art at the time of the 
invention was made to incorporate the teaching of defining a plurality of resource 
provisioning policies utilizing decision statements (Boolean statements) as disclosed by 
Cheng, into the distributed access management of information resources based on the 
user's role in the organization disclosed by Win, in order to enhance the organizational 
management methodology because it provides a dynamic or proactive way of querying 
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the life-cycle of the member of the organization to immediately determine availability of 
the resource [see Cheng, col. 3, Lines 31-39]. 

Regarding claim 16, Win does not explicitly teach the one or more processors 
further programmed for de-provisioning the user with some or all of the user's allocated 
resources if the user is terminated, suspended, or placed on leave. 

However, Cheng, in the same field of dynamic organizational model and role- 
based management system, discloses when a user defined member class (92) is 
moved to another organization, some of the user-defined attributes (94) from the 
original organization may be mapped to the new one and all other irrelevant information 
is dropped [see Cheng, Fig. 5 and Col. 8, Line 29 to Col. 9, Line 4]. It would have been 
obvious to one of ordinary skill in the art at the time of the invention was made to 
incorporate the teaching of de-provisioning the user with some or all of the user's 
allocated resources if the user's status in the organization is changed as disclosed by 
Cheng, into the distributed access management of information resources based on the 
user's role in the organization disclosed by Win, in order to enhance the organizational 
management methodology because it provides a dynamic or proactive way of querying 
the life-cycle of the member of the organization to immediately determine availability of 
the resource [see Cheng, col. 3, Lines 31-39]. 



Regarding claim 21 , Win does not explicitly teach the plurality of resource 
provisioning policies utilizing decision statements that allow irrelevant steps to be 
bypassed. 
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However, Cheng, in the same field of dynamic organizational model and role- 
based management system, discloses defining a plurality of resource provisioning 
policies utilizing decision statements (Boolean statements) [see Cheng, Col. 13, Line 34 
to Col. 14, Line 63] that would allow irrelevant steps to be skipped if the question is 
answered. It would have been obvious to one of ordinary skill in the art at the time of the 
invention was made to incorporate the teaching of defining a plurality of resource 
provisioning policies utilizing decision statements (Boolean statements) as disclosed by 
Cheng, into the distributed access management of information resources based on the 
user's role in the organization disclosed by Win, in order to enhance the organizational 
management methodology because it provides a dynamic or proactive way of querying 
the life-cycle of the member of the organization to immediately determine availability of 
the resource [see Cheng, col. 3, Lines 31-39]. 



9. The following references cited by the examiner but not relied upon are 
considered pertinent to applicant's disclosure. 

A) Schneider et al, U.S. Pat. No. 6,408,336, discloses distributed administration of 
access to information. 

B) Ginn, U.S. Pat. No. 6,052,723, discloses aggregating control on an electronic 
network by creating groups of users and determining policy for groups of users. 

C) Barkley, U.S. Pat. No. 6,088,679, discloses workflow management employing 
role-based access control. 
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D) Hudson et al, U.S. Pat. No. 6,055,637, discloses resource access control system 
with user's assigned role and unique identifier. 

E) Du et al, U.S. Pat. No. 5,826,239, discloses distributed workflow resource 
management. 

F) Barkley et al, U.S. Pat. No. 6,202,066, discloses role/group permission 
association using object access type. 

G) Kuhn, U.S. Pat. No. 6,023,765, discloses implementation of role-based access 
control in multi-level secure systems. 

H) Ueno et al, U.S. Pat. No. 6,237,036, discloses generating access control lists. 

I) Fisher et al, U.S. Pat. No. 6,085,191, discloses providing database access 
control in a secured distributed network. 

J) Deinhart et al, European Patent Application No. EP 0697662A1, discloses role- 
based access control in distributed and centralized computer system. 

K) Hitchens et al, "Design and Specification of Role Based Access Control Policies", 
IEEE, Aug. 2000, discloses role-based access control policies. 

L) Tari et al, "A Role-Based Access Control For Intranet Security", discloses role- 
based access control. 

10. A SHORTENED STATUTORY PERIOD FOR RESPONSE TO THIS ACTION IS 
SET TO EXPIRE THREE MONTHS, OR THIRTY DAYS, WHICHEVER IS LONGER, 
FROM THE MAILING DATE OF THIS COMMUNICATION. FAILURE TO RESPOND 
WITHIN THE PERIOD FOR RESPONSE WILL CAUSE THE APPLICATION TO 
BECOME ABANDONED (35 U.S.C. § 133). EXTENSIONS OF TIME MAY BE 
OBTAINED UNDER THE PROVISIONS OF 37 CAR 1.136(A). 
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1 1 . Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Philip Tran whose telephone number is (703) 308-8767. 
The Group fax phone number is (703) 872-9306. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Hosain T. Alam, can be reached on (703) 308-6662. 

Any inquiry of a general nature or relating to the status of this application should 
be directed to the Group receptionist whose telephone number is (703) 305-3900. 

Philip B. Tran 
Art Unit 21 55 
May 24, 2004 



